Linux Kernel Vulnerability Affecting UNIX Domain Socket Management
CVE-2026-31673

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 April 2026

What is CVE-2026-31673?

A vulnerability in the Linux kernel affects the management of UNIX domain sockets. Specifically, it involves the handling of UNIX_DIAG_VFS data, where the reference management for the socket is not correctly synchronized with the path reference. This can lead to instability when the data is sent in netlink attributes, potentially allowing inconsistent states in the kernel's management of socket paths. The vulnerability has been addressed in a recent patch that ensures the necessary references are held correctly during data lookups, improving the stability and reliability of UNIX domain socket operations.

Affected Version(s)

Linux 5f7b0569460b7d8d01ca776430a00505a68b7584 < 0c739f3785f84af695952c2bac8be2f45082c9b8

Linux 5f7b0569460b7d8d01ca776430a00505a68b7584 < 900a4e0910e98b8caef117d5df00471fa438dcf9

Linux 5f7b0569460b7d8d01ca776430a00505a68b7584

Timeline

  • Vulnerability published

  • Vulnerability Reserved
